New HMRC SMS Phishing Scam Targets Self-Employed Workers | #onlinescams | #scams | #internetscams


A new HMRC SMS phishing scam is being used by fraudsters to target self-employed workers, according to Griffin Law, a niche litigation practice based in the UK.

The scheme begins with a text message purporting to be from HMRC, the UK government’s tax collection department. It tells the recipient that they are due a tax refund and should apply online via a site with the URL http:ukservice.org.

Some users may get an alert from their web security provider that the website is not secure. However, many PC users may not have any web security installed.

The website uses official HMRC branding and looks very similar to the format of the UK government’s website GOV.UK. The fake website claims that it provides users with ‘Coronavirus (Covid-19) guidance and support’. It requests visitors to fill in their personal details including their name, home address and government gateway log-in details. The form then suggests it is calculating a ‘tax refund’ which provides the result of £324.37 – even when fake credentials are entered.

Thereafter, users are asked to provide their credit card details, including the expiry date, name on the card, sort code and card verification value (CVV). It then asks for further verification of the user by requesting their passport number for the purpose of identity theft.

Griffin Law said that around 80 self-employed London-based workers had reported receiving the scam to their respective accountant.

According to Stav Pischits, CEO of Dynance, a division of Transputec, the people reporting the scam to their respective accountancy firms are all company owners or registered directors.

“We believe they are being targeted specifically due to having the responsibility of being an employer and managing staff salaries,” he said.

He suggested that the reason fraudsters use SMS messages as a route of communication is because companies often have email systems in place to block hostile inbound requests.

“The idea is to trick the victim into heading straight to the HMRC-branded site and fool them into chasing a non-existent tax refund without properly checking the legitimacy of the URL,” he said.

However, Pischits said that neither Griffin Law or Transputec are aware of anyone who has come forward to say they have actually fallen for the scam.

According to Donal Blaney, principal at Griffin Law, the UK authorities need to do more to clamp down on these types of scams.

“It’s high time HMRC, the ICO and the police work more closely together, using the many powers they already have, to stop ordinary taxpayers being scammed like this. It’s high time taxpayers were properly protected from conmen who are taking advantage of the pandemic in such a despicable way as this,” he said.



Click here for the original Source.

_________________________________________________________________________________________

Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply